<%@LANGUAGE="VBSCRIPT" CODEPAGE="1251"%>
<%if session("Acc")<>1 then response.Redirect "default.asp"%>
<!--#include file="../Connect/Connection.asp"-->
<%

'For Each name In Request.Form
'	response.Write name & " -- [" & Request.Form(name) & "]<br>"
'Next

FUNCTION ReplaceSpec(Str)
	Str=Replace(Str,"%","%25")
	Str=Replace(Str,"/","%2F")
	Str=Replace(Str,"\","%5C")
	Str=Replace(Str,"|","%7C")
	Str=Replace(Str,";","%3B")
	Str=Replace(Str,":","%3A")
	Str=Replace(Str,",","%2C")
	Str=Replace(Str,"!","%21")
	Str=Replace(Str,"?","%3F")
	Str=Replace(Str,"'","%27")
	Str=Replace(Str,"""","%22")
	Str=Replace(Str,"#","%23")
	Str=Replace(Str,"$","%24")
	Str=Replace(Str,"^","%5E")
	Str=Replace(Str,"&","%26")
	Str=Replace(Str,"*","%2A")
	Str=Replace(Str,"(","%28")
	Str=Replace(Str,")","%29")
	Str=Replace(Str,"+","%2B")
	Str=Replace(Str,"=","%3D")
	Str=Replace(Str," ","+")
	ReplaceSpec=Str
END FUNCTION 

		Set cnn=Server.CreateObject("ADODB.Connection")
		Set cmd=Server.CreateObject("ADODB.Command")
		cnn.open connStr&";Initial Catalog=sms_d"
		
		Const adCmdStoredProc = &H0004
		Const adVarChar = 200
		Const adInteger = 3
		Const adParamInput = &H0001
		Const adParamOutput = &H0002
		
		sScript=Trim(Request.Form("Script"))
		if Len(sScript)>0 then
			if Mid(sScript,1,1)="\" or Mid(sScript,1,1)="/" then
				sScript=Mid(sScript,2,len(sScript))
			end if
		end if

		mOther=Trim(Request.Form("other"))
		if Len(mOther)>0 then
			if Mid(mOther,1,1)<>"&" then
				mOther = "&" & mOther
			end if
		end if

		sQuery = "Message_id=" & ReplaceSpec(Request.Form("Message_id")) & "&" & _
				 "Ver=" & ReplaceSpec(Request.Form("Ver")) & "&" & _
				 "Payment_id=" & ReplaceSpec(Request.Form("Payment_id")) & "&" & _
				 "Code=" & ReplaceSpec(Request.Form("Code")) & "&" & _
				 "Order=" & ReplaceSpec(Request.Form("Order")) & "&" & _
				 "Sum=" & ReplaceSpec(Request.Form("Sum")) & "&" & _
				 "Phone=" & ReplaceSpec(Request.Form("Phone")) & "&" & _
				 "DateTime=" & ReplaceSpec(Request.Form("DateTime")) & mOther
		
		if LCase(Request.Form("Method"))="post" then
			pPostData=sQuery
			pQuery=""
		else
			pQuery=sQuery
			pPostData=""
		end if
	
		With cmd
			.ActiveConnection = cnn
			.CommandType = adCmdStoredProc
			.Commandtext = "sp_HTTPRequests_Add"
			.Parameters.Append .CreateParameter("@Protocol", advarchar, adParamInput,5)
			.Parameters.Append .CreateParameter("@Method", advarchar, adParamInput,4)
			.Parameters.Append .CreateParameter("@Login", advarchar, adParamInput,24)
			.Parameters.Append .CreateParameter("@Password", advarchar, adParamInput,32)
			.Parameters.Append .CreateParameter("@Host", advarchar, adParamInput,48)
			.Parameters.Append .CreateParameter("@Port", advarchar, adParamInput,5)
			.Parameters.Append .CreateParameter("@Script", advarchar, adParamInput,128)
			.Parameters.Append .CreateParameter("@Query", advarchar, adParamInput,1024)
			.Parameters.Append .CreateParameter("@PostData", advarchar, adParamInput,1024)
			.Parameters.Append .CreateParameter("@ContentType", advarchar, adParamInput,36)
			.Parameters.Append .CreateParameter("@Service", advarchar, adParamInput,12)
			.Parameters.Append .CreateParameter("@CertFile", advarchar, adParamInput,50)
			.Parameters.Append .CreateParameter("@KeyFile", advarchar, adParamInput,50)
			.Parameters.Append .CreateParameter("@RootCertFile", advarchar, adParamInput,50)
			.Parameters.Append .CreateParameter("@Id_Ans", adinteger, adParamOutput)
			
			.Parameters("@Protocol")=Request.Form("Protocol")
			.Parameters("@Method")=Request.Form("Method")
			.Parameters("@Login")=Request.Form("Login")
			.Parameters("@Password")=Request.Form("Password")
			.Parameters("@Host")=Request.Form("Host")
			.Parameters("@Port")=Request.Form("Port")
			.Parameters("@Script")=sScript
			.Parameters("@Query")=pQuery
			.Parameters("@PostData")=pPostData
			.Parameters("@ContentType")=Request.Form("ContentType")
			.Parameters("@Service")=Request.Form("Service")
			.Parameters("@CertFile")=Request.Form("CertFile")
			.Parameters("@KeyFile")=Request.Form("KeyFile")
			.Parameters("@RootCertFile")=Request.Form("RootCertFile")
			
			.Execute
		End with
		
		Mess=Request.Form("ErrIp")
		Answer=cmd.Parameters("@Id_Ans")
		
		if Answer=-7 then
			Server.Transfer("CheckCnn.asp")
		elseif Len(Trim(Answer))>0 then
			session("CheckHTTPRequest")=Answer
			Response.Redirect "Requests.asp"
		else
			session("CheckHTTPRequest")="-123"
			Response.Redirect "Requests.asp"
		end if
		
		set cmd=nothing
		cnn.close
		set cnn=nothing

%>
